Operating systems generally include loading functions that enable loadable objects (e.g., device drivers, programs, dynamic link libraries (dlls), etc.) to be loaded into memory. For example, the Windows® operating system includes a load library call that loads loadable objects into memory, and Unix systems include an exec call that loads loadable objects into memory. When one of these loading functions receives a request to load an object into memory, it checks the object to ensure that the object is loadable (e.g., that the structure of the object will support being loaded into memory). If the object is a loadable object, then the loading function loads it into memory.
Commercial on-access virus scanners are third party applications that scan loadable objects for known virus signatures before the loadable objects are loaded into memory. If a known virus signature is detected in a loadable object, that loadable object is not loaded into memory. However, on-access virus scanners do not prevent loadable objects from being loaded if the loadable object includes an unknown virus, if the loadable object has been modified, or if the loadable object has been corrupted.